Hi Steven, My understanding is that your nat_uac_test function never return
true for your outgoing INVITEs due to the value you have used (23). I think you
need to add 8 as well resulting 31 as the value to nat_uac_test function.
- if (nat_uac_test("23")) {
+if (nat_uac_test("31")) {
8 - SDP is searched for occurrence of RFC1918 / RFC6598 addresses
because by looking at your given INVITE packet sdp section holds the private ip
which you are not testing, if your nat test success you should see following
lines in your logs. But atm I don't see them in provided one.
xlog("L_INFO", "contact has been fixed for NAT"); xlog("L_INFO",
"rtpproxy_offer has been executed");
On Thursday, 11 October 2018, 8:57:58 PM GMT+5:30, Steven Platt
<[email protected]> wrote:
Hi Pasan,
I'm not sure im understanding correctly on how to check for NAT in the relay
route. I add "if (nat_uac_test("1")) fix_nated_contact();" at the top of the
relay route, but no luck.
I have added additional log statements as well to check what functions are
applied. The log shows the client flagged for NAT on registration, and again on
reply_route as you say.
Below I have pasted the log prints and the full route config. Hopefully this
will give more information. On my test call, the contact field is still not
updated with the RTP Proxy address. Thanks again for your response.
--------------------
Call: Desktop (origination) ---> (Corporate NAT) ---> OPENSIPS ---> (CARRIER
NAT) ---> Android
ROUTE CONFIGURATION
####### Routing Logic ########
# main request routing logic
route{ /* see declaration of tid in trace_id section */ $var(trace_id) =
"tid"; $var(user) = "[email protected]";
force_rport(); if (nat_uac_test("23")) { if
(is_method("REGISTER")) { fix_nated_register();
setbflag(NAT);
#sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
xlog("L_INFO", "registration has been flagged for NAT"); }
else { fix_nated_contact();
xlog("L_INFO", "contact has been fixed for NAT");
setflag(NAT); } }
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops"); exit; }
if (has_totag()) { # sequential request withing a dialog
should # take the path determined by record-routing
if (loose_route()) {
# validate the sequential request against dialog
if ( $DLG_status!=NULL && !validate_dialog() ) {
xlog("In-Dialog $rm from $si (callid=$ci) is not valid
according to dialog\n"); ## exit;
}
if (is_method("BYE")) {
# do accounting even if the transaction fails
do_accounting("db","failed");
} else if (is_method("INVITE")) {
# even if in most of the cases is useless, do
RR for # re-INVITEs alos, as some buggy clients
do change route set # during the dialog.
rtpproxy_engage();
xlog("L_INFO", "rtpproxy has been engaged");
record_route(); }
if (check_route_param("nat=yes"))
setflag(NAT);
# route it out to whatever destination was set by
loose_route() # in $du (destination URI).
route(relay); xlog("L_INFO", "route has been
sent to relay due to nat=yes flag"); } else {
if ( is_method("ACK") ) {
if ( t_check_trans() ) { # non
loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay(); exit;
} else { # ACK without
matching transaction -> # ignore and
discard exit;
} } sl_send_reply("404","Not
here"); } exit; }
# CANCEL processing if (is_method("CANCEL")) {
if (t_check_trans()) t_relay(); exit;
}
t_check_trans();
if ( !(is_method("REGISTER") ) ) {
if (from_uri==myself)
{
# authenticate if from local subscriber
# authenticate all initial non-REGISTER request that pretend to be
# generated by local subscriber (domain from FROM URI is
local) if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
exit; } if (!db_check_from()) {
sl_send_reply("403","Forbidden auth ID");
exit; }
consume_credentials(); # caller
authenticated
} else { # if caller is not local, then
called number must be local
if (!uri==myself) {
send_reply("403","Rely forbidden"); exit;
} }
}
# preloaded route checking if (loose_route()) {
xlog("L_ERR", "Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]"); if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied"); exit; }
# record routing if (!is_method("REGISTER|MESSAGE"))
record_route();
# account only INVITEs if (is_method("INVITE")) {
# create dialog with timeout if (
!create_dialog("B") ) { send_reply("500","Internal
Server Error"); exit; }
do_accounting("db");
}
if (!uri==myself) { append_hf("P-hint: outbound\r\n");
route(relay); }
# requests for my domain
if (is_method("PUBLISH|SUBSCRIBE")) {
sl_send_reply("503", "Service Unavailable"); exit; }
if (is_method("REGISTER")) {
# authenticate the REGISTER requests if
(!www_authorize("", "subscriber")) {
www_challenge("", "0"); exit; }
if (!db_check_to()) {
sl_send_reply("403","Forbidden auth ID"); exit;
}
if ( proto==TCP || 0 ) setflag(TCP_PERSISTENT);
if (isflagset(NAT)) {
setbflag(SIP_PING_FLAG); xlog("L_INFO", "SIP_PING_FLAG
set"); }
if (!save("location")) sl_reply_error();
exit; }
if ($rU==NULL) { # request with no Username in RURI
sl_send_reply("484","Address Incomplete"); exit;
}
# apply DB based aliases alias_db_lookup("dbaliases");
# apply transformations from dialplan table
dp_translate("0","$rU/$rU");
# do lookup with method filtering if (!lookup("location","m")) {
if (!db_does_uri_exist()) {
send_reply("420","Bad Extension"); exit; }
t_newtran(); t_reply("404", "Not Found");
exit; }
if (isbflagset(NAT)) setflag(NAT);
# when routing via usrloc, log the missed calls also
do_accounting("db","missed");
route(relay);}
route[relay] {
if (nat_uac_test("1")) xlog("L_INFO", "NAT contact fixed
on relay route"); fix_nated_contact();
# for INVITEs enable some additional helper routes if
(is_method("INVITE")) {
sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
if ( isflagset(NAT) ) {
rtpproxy_offer("of", "[OPENSIPS IP]"); xlog("L_INFO",
"rtpproxy_offer has been executed"); }
t_on_branch("per_branch_ops");
t_on_reply("handle_nat"); t_on_failure("missed_call"); }
if (isflagset(NAT)) { add_rr_param(";nat=yes");
}
if (!t_relay()) { send_reply("500","Internal Error");
}; exit;}
branch_route[per_branch_ops] { xlog("new branch at $ru\n");}
onreply_route[handle_nat] {
#sip_trace("$var(trace_id)", "d", "sip|xlog", "$var(user)");
if (nat_uac_test("1")) fix_nated_contact(); if (
isflagset(NAT)) rtpproxy_answer("of", "[OPENSIPS IP]");
xlog("L_INFO", "rtpproxy_answer has been executed");
xlog("incoming reply\n");}
failure_route[missed_call] { if (t_was_cancelled()) {
exit; }
# uncomment the following lines if you want to block client #
redirect based on 3xx replies. ##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found"); ## exit; ##}
}
local_route { if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
acc_db_request("200 Dialog Timeout", "acc");
}}
LOG OUTPUT
Oct 11 15:06:33 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
registration has been flagged for NATOct 11 15:06:33
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been
flagged for NATOct 11 15:06:34 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23672]: registration has been flagged for NATOct 11 15:06:34
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: registration has been
flagged for NATOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23681]: INFO:core:probe_max_sock_buff: using snd buffer of
416 kbOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23681]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 88Oct 11
15:06:40 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration
has been flagged for NATOct 11 15:06:40 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:41
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: registration has been
flagged for NATOct 11 15:06:41 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: registration has been flagged for NATOct 11 15:06:47
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch at
sip:1001@[CORPORATE NAT IP]:44876;transport=TCP;rinstance=890c499f01f2952dOct
11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch
at sip:1001@[CARRIER NAT IP]:64261;transport=TCP;rinstance=08e5da8067b3e532Oct
11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]: new branch
at sip:1001@[CARRIER NAT IP]:42804;transport=TCP;rinstance=e880e7c4509fbf0bOct
11 15:06:47 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
INFO:core:probe_max_sock_buff: using snd buffer of 416 kbOct 11 15:06:47
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23672]:
INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 80Oct 11
15:06:48 opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]:
rtpproxy_answer has been executedOct 11 15:06:48 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: incoming replyOct 11 15:06:49
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has
been executedOct 11 15:06:49 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: incoming replyOct 11 15:06:50
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has
been executedOct 11 15:06:50 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: incoming replyOct 11 15:06:51
opensips-23-4vcpu-8gb-sgp1-01 /usr/sbin/opensips[23671]: rtpproxy_answer has
been executedOct 11 15:06:51 opensips-23-4vcpu-8gb-sgp1-01
/usr/sbin/opensips[23671]: incoming reply
On Wed, Oct 10, 2018 at 4:55 AM Pasan Meemaduma via Users
<[email protected]> wrote:
Hi Steven,
looking at your config it doesn't seems you are testing for nat in your main
route. only on reply route your have nat_uac_test function called.you need to
do the same in main route and set the NAT flag otherwise your condition "if (
isflagset(NAT) ) {rtpproxy_offer("of", "OPENSIPS IP");}" to use rtpproxy won't
work. you can verfiy it by adding an xlog statement inside that condition. As
per the given config it shouldn't print anything in log.
On Tuesday, 9 October 2018, 10:55:02 PM GMT+5:30, Steven Platt
<[email protected]> wrote:
Good morning,
I have an installation of OpenSIPS 2.3.5, with RTPProxy running on a single
server. RTP Proxy is running as normal, and logs show support for it enabled
during initial connection leg.
My error is that Opensips does not update the connection IP (c=) of the SDP to
force media to be proxied with RTPProxy. Instead, it keep the endpoint IP,
which is behind a NAT, because of this - I have no audio.
Is there something I miss in the configuration to enforce the update of the
connection IP in the SDP? (so that media goes through opensips/rtpproxy)
----------------------------
My flow:
desktop client (zoiper) <--> corporate NAT <--> OPENSIPS <--> carrier NAT <-->
android (zoiper)
Invite SDP Sent from Desktop Zoiper Client:
Via: SIP/2.0/TCP [CORPORATE
NAT]:59401;branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rportMax-Forwards:
70Contact: <sip:1000@[CORPORATE NAT]:59401;transport=TCP>To:
<sip:1001@[OPENSIPS]:5060;transport=TCP>From:
<sip:1000@[OPENSIPS]:5060;transport=TCP>;tag=b27a0843Call-ID:
QMoyxf6JGTFYvxS5X8NsnA..CSeq: 2 INVITEAllow: INVITE, ACK, CANCEL, BYE, NOTIFY,
REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBEContent-Type:
application/sdpProxy-Authorization: Digest username="1000",realm="[OPENSIPS
IP]",nonce="5bbcdde1000000172b9f0086711cd36194c50f208fa420de",uri="sip:1001@[OPENSIPS
IP]:5060;transport=TCP",response="a609cb9d82930d2d32668d8d51d64cb4",algorithm=MD5User-Agent:
Z 5.2.19 rv2.8.99Allow-Events: presence, kpml, talkContent-Length: 161
v=0o=Z 0 0 IN IP4 [DESKTOP IP]s=Zc=IN IP4 [DESKTOP IP]t=0 0m=audio 8000 RTP/AVP
0 101 8a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=sendrecv
The 200OK sent by Opensips to the calling device:
Via: SIP/2.0/TCP [CORPORATE NAT] :59401;received=[CARRIER
IP];branch=z9hG4bK-524287-1---fecce2d50d9d5c20;rport=59401Record-Route:
<sip:[OPENSIPS IP];transport=tcp;lr;did=081.1ad6d9>Contact:
<sip:1001@[CORPORATE NAT]:50758;transport=TCP>To: <sip:1001@[OPENSIPS
IP]:5060;transport=TCP>;tag=07be6967From: <sip:1000@[OPENSIPS
IP]:5060;transport=TCP>;tag=b27a0843Call-ID: QMoyxf6JGTFYvxS5X8NsnA..CSeq: 2
INVITEAllow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
SUBSCRIBEContent-Type: application/sdpUser-Agent: Zoiper rv2.8.105Allow-Events:
presence, kpml, talkContent-Length: 245
v=0o=Zoiper 0 1 IN IP4 [ANDROID IP]s=Zoiperc=IN IP4 [ANDROID IP]t=0 0m=audio
42032 RTP/AVP 0 3 8 101a=rtpmap:0 PCMU/8000a=rtpmap:3 GSM/8000a=rtpmap:8
PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=sendrecv
---------------------------------------------------
OpenSIPS Config
route[relay] { if (is_method("INVITE")) {
if ( isflagset(NAT) ) {
rtpproxy_offer("of", "OPENSIPS IP"); }
t_on_branch("per_branch_ops");
t_on_reply("handle_nat"); t_on_failure("missed_call"); }
if (isflagset(NAT)) { add_rr_param(";nat=yes");
}
if (!t_relay()) { send_reply("500","Internal Error");
}; exit;}
onreply_route[handle_nat] {
if (nat_uac_test("1"))
fix_nated_contact(); if ( isflagset(NAT) )
rtpproxy_answer("of", "OPENSIPS IP"); xlog("incoming reply\n");}
----------------------------------------------
I also do not see the (";nat=yes") being added in the SDP. Do I understand
correct that the script is not catching this call and flagging it correct as
NAT?
At this time, all signaling works as normal - only media is not being pinned to
the opensips IP in the 200 OK response.
Thanks in advance for any guidance on this one.
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
